From 346b9b4b79072d4d600ac1119205c03285aff058 Mon Sep 17 00:00:00 2001 From: gabbe Date: Wed, 30 Jun 2021 14:11:58 +0200 Subject: [PATCH 1/9] Added Loopia dns provider --- global/certbot-dns-plugins.js | 10 ++++++++++ 1 file changed, 10 insertions(+) diff --git a/global/certbot-dns-plugins.js b/global/certbot-dns-plugins.js index 461bb223..17bb1c9f 100644 --- a/global/certbot-dns-plugins.js +++ b/global/certbot-dns-plugins.js @@ -304,6 +304,16 @@ dns_linode_version = [|3|4]`, full_plugin_name: 'dns-linode', }, //####################################################// + loopia: { + display_name: 'Loopia', + package_name: 'certbot-dns-loopia', + package_version: '1.0.0', + dependencies: '', + credentials: `dns_loopia_user = user@loopiaapi +dns_loopia_password = abcdef0123456789abcdef01234567abcdef0123`, + full_plugin_name: 'dns-loopia', + }, + //####################################################// luadns: { display_name: 'LuaDNS', package_name: 'certbot-dns-luadns', From 6c1ae77a2a40283c5444c2f7e0a7c8227aeecbd2 Mon Sep 17 00:00:00 2001 From: Amir Zarrinkafsh Date: Fri, 23 Jul 2021 16:24:46 +1000 Subject: [PATCH 2/9] Utilise variable for custom locations proxy_pass If a custom location is currently set to proxy to a DNS hostname this hostname is cached by nginx. When the underlying IP for the hostname changes this will be cached in nginx until it is restarted. This behaviour is somewhat undesirable if utilising containers. This change sets the proxy_pass for custom locations into a variable and utilises said variable for routing to the upstream backend. This will ensure that nginx will utilise the resolver and resolve the hostname to the current IP instead of relying on the nginx cache. --- backend/templates/_location.conf | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/backend/templates/_location.conf b/backend/templates/_location.conf index 5a7a6abe..7d707009 100644 --- a/backend/templates/_location.conf +++ b/backend/templates/_location.conf 
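Review bot: The sample secret in the `loopia` credentials template (the line starting `dns_loopia_password =`) is a 40-character hex string that reads like a real API secret. It may trip secret scanners, and a user could leave it in place without noticing. A self-describing placeholder makes it obvious that the field has to be replaced, for example `dns_loopia_password = your-loopia-api-password`. Pinning `package_version: '1.0.0'` is good for reproducibility; whether the install step also verifies package hashes is not visible in this hunk.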
@@ -1,10 +1,11 @@ location {{ path }} { + set $upstream {{ forward_scheme }}://{{ forward_host }}:{{ forward_port }}{{ forward_path }}; proxy_set_header Host $host; proxy_set_header X-Forwarded-Scheme $scheme; proxy_set_header X-Forwarded-Proto $scheme; proxy_set_header X-Forwarded-For $remote_addr; proxy_set_header X-Real-IP $remote_addr; - proxy_pass {{ forward_scheme }}://{{ forward_host }}:{{ forward_port }}{{ forward_path }}; + proxy_pass $upstream; {% if access_list_id > 0 %} {% if access_list.items.length > 0 %} From cea80b482ebc5848d7246e7a74f2557384750070 Mon Sep 17 00:00:00 2001 From: chaptergy Date: Wed, 4 Aug 2021 13:47:44 +0200 Subject: [PATCH 3/9] Fixes certificate renewal for dns challenges --- docker/rootfs/etc/letsencrypt.ini | 1 - 1 file changed, 1 deletion(-) diff --git a/docker/rootfs/etc/letsencrypt.ini b/docker/rootfs/etc/letsencrypt.ini index 3565d6e5..25c375e8 100644 --- a/docker/rootfs/etc/letsencrypt.ini +++ b/docker/rootfs/etc/letsencrypt.ini @@ -1,4 +1,3 @@ text = True non-interactive = True -authenticator = webroot webroot-path = /data/letsencrypt-acme-challenge From d34691152ca5efd93087a343d423fadcd6e06989 Mon Sep 17 00:00:00 2001 From: chaptergy Date: Wed, 4 Aug 2021 13:52:20 +0200 Subject: [PATCH 4/9] Fixes renewal unused http certificates --- backend/templates/default.conf | 2 ++ docker/rootfs/etc/nginx/conf.d/default.conf | 3 ++- 2 files changed, 4 insertions(+), 1 deletion(-) diff --git a/backend/templates/default.conf b/backend/templates/default.conf index 7eef11f6..5196f285 100644 --- a/backend/templates/default.conf +++ b/backend/templates/default.conf @@ -16,6 +16,8 @@ server { error_log /data/logs/default-host_error.log warn; {% include "_exploits.conf" %} + include conf.d/include/letsencrypt-acme-challenge.conf; + {%- if value == "404" %} location / { return 404; diff --git a/docker/rootfs/etc/nginx/conf.d/default.conf b/docker/rootfs/etc/nginx/conf.d/default.conf index a7634985..81d6ae48 100644 
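Review bot: Putting the whole target, including `{{ forward_path }}`, into `$upstream` changes how nginx builds the upstream URI, not only how it resolves the host. When `proxy_pass` takes a variable, a URI part in the value is sent to the backend as-is and replaces the original request URI. For a custom location with a non-empty forward path, the rest of the client path (and, as far as I can tell, the query string) is therefore no longer appended the way it was with the literal directive. If that mapping should be kept, hold only `{{ forward_scheme }}://{{ forward_host }}:{{ forward_port }}` in the variable, do the path mapping explicitly (for example a `rewrite ... break;` before `proxy_pass $upstream;`), and test both empty and non-empty forward paths. The variable form also needs a `resolver` with a sensible `valid=` TTL in the enclosing context, which is not visible here; the `location` block continues past the end of the hunk.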
--- a/docker/rootfs/etc/nginx/conf.d/default.conf +++ b/docker/rootfs/etc/nginx/conf.d/default.conf @@ -9,9 +9,10 @@ server { server_name localhost-nginx-proxy-manager; access_log /data/logs/fallback_access.log standard; - error_log /dev/null crit; + error_log /data/logs/fallback_error.log warn; include conf.d/include/assets.conf; include conf.d/include/block-exploits.conf; + include conf.d/include/letsencrypt-acme-challenge.conf; location / { index index.html; From fb8c0b9a48942a152a2bdb6ae71f5054180679a1 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Wed, 4 Aug 2021 20:15:26 +0000 Subject: [PATCH 5/9] Bump tar from 4.4.13 to 4.4.15 in /backend Bumps [tar](https://github.com/npm/node-tar) from 4.4.13 to 4.4.15. - [Release notes](https://github.com/npm/node-tar/releases) - [Changelog](https://github.com/npm/node-tar/blob/main/CHANGELOG.md) - [Commits](https://github.com/npm/node-tar/compare/v4.4.13...v4.4.15) --- updated-dependencies: - dependency-name: tar dependency-type: indirect ... Signed-off-by: dependabot[bot] --- backend/yarn.lock | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/backend/yarn.lock b/backend/yarn.lock index 84180c26..71e6676d 100644 --- a/backend/yarn.lock +++ b/backend/yarn.lock @@ -3351,9 +3351,9 @@ table@^5.2.3: string-width "^3.0.0" tar@^4, tar@^4.4.2: - version "4.4.13" - resolved "https://registry.yarnpkg.com/tar/-/tar-4.4.13.tgz#43b364bc52888d555298637b10d60790254ab525" - integrity sha512-w2VwSrBoHa5BsSyH+KxEqeQBAllHhccyMFVHtGtdMpF4W7IRWfZjFiQceJPChOeTsSDVUpER2T8FA93pr0L+QA== + version "4.4.15" + resolved "https://registry.yarnpkg.com/tar/-/tar-4.4.15.tgz#3caced4f39ebd46ddda4d6203d48493a919697f8" + integrity sha512-ItbufpujXkry7bHH9NpQyTXPbJ72iTlXgkBAYsAjDXk3Ds8t/3NfO5P4xZGy7u+sYuQUbimgzswX4uQIEeNVOA== dependencies: chownr "^1.1.1" fs-minipass "^1.2.5" From 83c5c55f32be3792330ba860c77273a84e247628 Mon Sep 17 00:00:00 2001 
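Review bot: `error_log /data/logs/fallback_error.log warn;` starts writing a new file on the catch-all server, which receives whatever unsolicited traffic reaches the proxy, so the file can grow quickly. Log rotation for `/data/logs` is not part of this patch, so please confirm the existing rotation pattern matches `fallback_error.log`. The added `include conf.d/include/letsencrypt-acme-challenge.conf;` comes after `block-exploits.conf`, and neither file's content is visible here. It is worth checking that challenge requests are not rejected by the exploit rules, and adding a comment such as `# serve ACME http-01 challenges on the fallback host so unused certificates can still renew`.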
From: chaptergy Date: Fri, 6 Aug 2021 10:56:06 +0200 Subject: [PATCH 6/9] Fixes creation of certificates using the http challenge --- backend/internal/certificate.js | 2 ++ 1 file changed, 2 insertions(+) diff --git a/backend/internal/certificate.js b/backend/internal/certificate.js index 96972fe1..661950dc 100644 --- a/backend/internal/certificate.js +++ b/backend/internal/certificate.js @@ -758,6 +758,7 @@ const internalCertificate = { }, /** + * Request a certificate using the http challenge * @param {Object} certificate the certificate row * @returns {Promise} */ @@ -768,6 +769,7 @@ const internalCertificate = { '--config "' + letsencryptConfig + '" ' + '--cert-name "npm-' + certificate.id + '" ' + '--agree-tos ' + + '--authenticator webroot ' + '--email "' + certificate.meta.letsencrypt_email + '" ' + '--preferred-challenges "dns,http" ' + '--domains "' + certificate.domain_names.join(',') + '" ' + From d260edc5473bda39f5cc01cd0eee44ba5a766fff Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Sat, 7 Aug 2021 03:02:18 +0000 Subject: [PATCH 7/9] Bump tar from 6.0.2 to 6.1.6 in /docs Bumps [tar](https://github.com/npm/node-tar) from 6.0.2 to 6.1.6. - [Release notes](https://github.com/npm/node-tar/releases) - [Changelog](https://github.com/npm/node-tar/blob/main/CHANGELOG.md) - [Commits](https://github.com/npm/node-tar/compare/v6.0.2...v6.1.6) --- updated-dependencies: - dependency-name: tar dependency-type: indirect ... Signed-off-by: dependabot[bot] --- docs/yarn.lock | 16 ++++++++-------- 1 file changed, 8 insertions(+), 8 deletions(-) diff --git a/docs/yarn.lock b/docs/yarn.lock index df7550e6..90394e1e 100644 --- a/docs/yarn.lock +++ b/docs/yarn.lock 
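Review bot: The command this hunk extends is built by string concatenation, with `certificate.meta.letsencrypt_email` and `certificate.domain_names.join(',')` placed inside double quotes. If the string is executed through a shell (the call site is outside the hunk), double quotes do not neutralise shell metacharacters in those values, so safety rests entirely on upstream validation of the email and domain fields. Passing the arguments as an array to a non-shell API such as `child_process.execFile` would remove that dependency; failing that, a comment like `// email and domain_names must be schema-validated before reaching this point` records the assumption. Separately, `--preferred-challenges "dns,http"` sits oddly next to the new `--authenticator webroot`, which only performs the HTTP challenge; `'--preferred-challenges "http" ' +` would state the intent. The function body starts and ends outside the hunk.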
@@ -6405,10 +6405,10 @@ minipass@^3.0.0, minipass@^3.1.1: dependencies: yallist "^4.0.0" -minizlib@^2.1.0: - version "2.1.0" - resolved "https://registry.yarnpkg.com/minizlib/-/minizlib-2.1.0.tgz#fd52c645301ef09a63a2c209697c294c6ce02cf3" - integrity sha512-EzTZN/fjSvifSX0SlqUERCN39o6T40AMarPbv0MrarSFtIITCBh7bi+dU8nxGFHuqs9jdIAeoYoKuQAAASsPPA== +minizlib@^2.1.1: + version "2.1.2" + resolved "https://registry.yarnpkg.com/minizlib/-/minizlib-2.1.2.tgz#e90d3466ba209b932451508a11ce3d3632145931" + integrity sha512-bAxsR8BVfj60DWXHE3u30oHzfl4G7khkSuPW+qvpd7jFRHm7dLxOjUk1EHACJ/hxLY8phGJ0YhYHZo7jil7Qdg== dependencies: minipass "^3.0.0" yallist "^4.0.0" @@ -9156,14 +9156,14 @@ tapable@^1.0.0, tapable@^1.1.3: integrity sha512-4WK/bYZmj8xLr+HUCODHGF1ZFzsYffasLUgEiMBY4fgtltdO6B4WJtlSbPaDTLpYTcGVwM2qLnFTICEcNxs3kA== tar@^6.0.2: - version "6.0.2" - resolved "https://registry.yarnpkg.com/tar/-/tar-6.0.2.tgz#5df17813468a6264ff14f766886c622b84ae2f39" - integrity sha512-Glo3jkRtPcvpDlAs/0+hozav78yoXKFr+c4wgw62NNMO3oo4AaJdCo21Uu7lcwr55h39W2XD1LMERc64wtbItg== + version "6.1.6" + resolved "https://registry.yarnpkg.com/tar/-/tar-6.1.6.tgz#c23d797b0a1efe5d479b1490805c5443f3560c5d" + integrity sha512-oaWyu5dQbHaYcyZCTfyPpC+VmI62/OM2RTUYavTk1MDr1cwW5Boi3baeYQKiZbY2uSQJGr+iMOzb/JFxLrft+g== dependencies: chownr "^2.0.0" fs-minipass "^2.0.0" minipass "^3.0.0" - minizlib "^2.1.0" + minizlib "^2.1.1" mkdirp "^1.0.3" yallist "^4.0.0" From b1ceda3af4c4e14f8867443c9e333dc288389992 Mon Sep 17 00:00:00 2001 From: David Dosoudil <69464125+phantomski77@users.noreply.github.com> Date: Wed, 28 Jul 2021 11:25:24 +0100 Subject: [PATCH 8/9] Update letsencrypt.ini to support ECDSA keys Since we have newer certbot available, it's time to support more modern and safer ECDSA keys instead of RSA. --- docker/rootfs/etc/letsencrypt.ini | 2 ++ 1 file changed, 2 insertions(+) diff --git a/docker/rootfs/etc/letsencrypt.ini b/docker/rootfs/etc/letsencrypt.ini index 25c375e8..ccb2f0b3 100644 
--- a/docker/rootfs/etc/letsencrypt.ini +++ b/docker/rootfs/etc/letsencrypt.ini @@ -1,3 +1,5 @@ text = True non-interactive = True webroot-path = /data/letsencrypt-acme-challenge +key-type = ecdsa +elliptic-curve = secp384r1 From f6efcdf9f97dcfc89a0d825fd22146d16ea2085c Mon Sep 17 00:00:00 2001 From: Jamie Curnow Date: Sat, 7 Aug 2021 20:05:35 +1000 Subject: [PATCH 9/9] Bumped version --- .version | 2 +- README.md | 14 +++++++++++++- 2 files changed, 14 insertions(+), 2 deletions(-) diff --git a/.version b/.version index 23ae1b5d..10201185 100644 --- a/.version +++ b/.version @@ -1 +1 @@ -2.9.6 +2.9.7 diff --git a/README.md b/README.md index dd8a6c7f..92e59f7a 100644 --- a/README.md +++ b/README.md @@ -1,7 +1,7 @@
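Review bot: `key-type = ecdsa` in the shared ini applies to every certbot run that reads this file, with no per-certificate opt-out, so a deployment whose TLS settings or clients only handle RSA could start failing handshakes after the next issuance. Please check that the `ssl_ciphers` list shipped with the image includes ECDHE-ECDSA suites (not visible in this patch) and how existing RSA lineages behave on renewal under the new default. `elliptic-curve = secp384r1` is a sound choice, but certbot's default curve is `secp256r1`, which has the broadest client support. A short comment explaining the deviation would help, e.g. `# P-384 chosen over certbot's default secp256r1; requires a certbot version with --key-type support`.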



- + @@ -458,6 +458,18 @@ Special thanks to the following contributors:
Fuechslein + + + +
Amir Zarrinkafsh +
+ + + + +
gabbe +
+